2 matches found
CVE-2009-2022
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for fipsdb/db.mdb...
CVE-2009-2022
CVE-2009-2022 affects fipsCMS Light 2.1. The issue is improper access control that allows a remote attacker to download the database file (_fipsdb/db.mdb) from the web root, exposing sensitive information. Impact is partial confidentiality. No exploitation details or fixes are provided in the con...